Meta Instagram AI Support Tool Data Breach

Meta recently disclosed a cybersecurity incident involving a vulnerability in its AI-assisted Instagram account recovery tool (“High Touch Support” or HTS). Unauthorized actors exploited this vulnerability to perform password resets on Instagram accounts, potentially accessing personal data for affected users.

Meta Instagram AI Support Tool’s Data Breach Investigation

On May 31, 2026, Meta identified that a bug in the HTS tool allowed third parties to request password reset links for accounts without proper verification. This flaw could result in unauthorized access to accounts for users who did not have two-factor authentication (2FA) enabled.

HTS is designed to help users regain access to their accounts, but due to this vulnerability, an attacker could obtain a reset link for accounts they did not own. Upon discovering the issue, Meta disabled the tool, invalidated all outstanding reset links generated through the vulnerable path, and required all potentially affected accounts to go through mandatory security checkpoints. Impacted users were instructed to reset passwords and re-authenticate through secure channels .

The vulnerability could have exposed the following information for 30 Maine users:

• Contact information (email, phone number)
• Date of birth
• Social media posts, stories, and content
• Direct messages and communications
• Account activity and interaction history
• Profile information (biography, profile photo)
• Connected accounts and linked services

Meta is conducting a comprehensive review of similar account recovery flows across its platforms and will notify affected users to review security settings and enable 2FA.

When Did This Breach Occur?

The vulnerability was exploited on May 31, 2026, and discovered the same day. Meta has since secured all affected accounts and remediated the system to prevent further unauthorized access .

What Information Was Breached?

Potentially exposed personal information includes:

• Email addresses and/or phone numbers
• Dates of birth
• Instagram posts, stories, and media content
• Direct messages and communications
• Account activity history
• Profile details, including biography and profile photo
• Connected third-party accounts and linked services

What You Can Do

Affected users should immediately enable two-factor authentication on Instagram and review all account security settings. Monitor account activity and be alert for suspicious messages or unauthorized access attempts.

Users may also consider changing passwords for connected accounts and reviewing security for linked services. Remain vigilant against phishing attacks that attempt to exploit exposed account details.

File a Data Breach Lawsuit Against Meta

If you were impacted by this incident and suffered unauthorized access or misuse of personal information, you may be eligible to join a class action lawsuit.

Class action lawsuits allow affected individuals to pursue compensation for identity theft risks, unauthorized account access, and any financial or privacy-related damages. Legal action can also encourage stronger security safeguards for account recovery tools and platform protections.

Contact us at Class Action U, where we’ll connect you with a lawyer skilled in class action lawsuits. If you’ve been contacted about this breach, received notice, or discovered you were impacted, fill out our quick, easy, and secure form to sign up. There is no cost to reach out to our legal partner and no obligation after speaking with someone from our team.